Projects Summit 2013

Introduction

The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This event activity gives our project leaders the opportunity to showcase their project progress, and have attendees sit down and work on project tasks during the event. It is an excellent opportunity to engage the event attendees, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.

We plan to sponsor 2 "senior developers" to attend the hack-a-thon and take the lead role on the development effort. They will be involved in the architecture aspect of the project and in goal-building, and attendees will be able to choose a component from the architecture to work on.

We will purchase a prize for the developer/team that accomplishes the most quality work, scored on the complexity of the component(s) they work on. The judges for the prizes will be Jeff Williams, Kevin Wall and Chris Schmidt.

There will be a set of guidelines for entries: primarily, backwards compatibility and/or a clear upgrade path from ESAPI 2.x, testability, and the distribution model of the component.

To demonstrate and introduce the OWASP PHP Security Project, have people contribute to it, and have people bring it into their own projects!

The project is developed; we're going to show sample usages and have people try to hack them (which should be impossible). We will also introduce the libraries and discuss what future work is needed on the project.

The project is really interesting and has a cool aim, and this will help get a lot more people into its community.

RBAC Project

OWASP RBAC is a new cutting-edge technology that can revolutionize the authorization domain. Unfortunately, because it's rigorous and complex, we haven't been very successful in expanding its usage.

Let people know how awesome this is, and get them to use it in their applications. This is a pretty mature project and is one of those things that you don't know exists, but when you do you can't get enough of. We would also like to get contributors porting it to other programming languages.

The OWASP PHP Security project plans to gather around secure PHP libraries, and provide a full-featured framework of libraries for secure web applications in PHP, both as separate de-coupled libraries and as a whole secure web application framework.

Collaboration, Learning and Sharing Knowledge - By creating an environment where attendees can get together in a 'live hacking' event.

In order to keep things focused, the 'targets' are going to be companies that have public 'Bug Bounty' programs. These will be companies that accept and want to be targets for such ethical hacking activities.

Each participant will be asked to have 'common sense' and to respect a couple of 'soft' rules of engagement.

All participants are encouraged to share their ideas, techniques and discoveries.

In addition to the 'Bug Bounty' targets, we will also add a couple of Open Source apps so that the 'builders' also have the opportunity to fix the source code and the 'breakers' can do source-code analysis.
